fix(api): respond with HTTP 401 when trying to authenticate...

...to a Snow Owl service without valid identity providers (like JWT only, acting as resource server)
b2ihealthcare · Jun 30, 2022 · 7f16e9f · 7f16e9f
1 parent 1247e96
commit 7f16e9f
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 5 deletions.
diff --git a/...national.snowowl.core/src/com/b2international/snowowl/core/identity/IdentityProvider.java b/...national.snowowl.core/src/com/b2international/snowowl/core/identity/IdentityProvider.java
@@ -22,6 +22,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.b2international.commons.exceptions.BadRequestException;
 import com.b2international.snowowl.core.events.util.Promise;
 
 /**
@@ -74,7 +75,7 @@ public void validateSettings() {
 
 		@Override
 		public User auth(String username, String password) {
-			throw new UnsupportedOperationException("AccessToken based authentication/authorization does not support username/password");
+			return null;
 		}
 
 		@Override
@@ -84,7 +85,7 @@ public String getInfo() {
 
 		@Override
 		public Promise<Users> searchUsers(Collection<String> usernames, int limit) {
-			throw new UnsupportedOperationException("AccessToken based authentication/authorization does not support searching users");
+			return Promise.immediate(new Users(limit, 0));
 		}
 
 		@Override
@@ -98,6 +99,7 @@ public void validateSettings() throws Exception {
 	 * @param username - a username to use for authentication
 	 * @param password - the user's password to use for authentication
 	 * @return an authenticated {@link User} and its permissions or <code>null</code> if the username or password is incorrect.
+	 * @throws BadRequestException - if authentication is not supported by this provider
 	 */
 	User auth(String username, String password);
 

diff --git a/...nal.snowowl.core/src/com/b2international/snowowl/core/identity/MultiIdentityProvider.java b/...nal.snowowl.core/src/com/b2international/snowowl/core/identity/MultiIdentityProvider.java
@@ -19,6 +19,7 @@
 import java.util.List;
 import java.util.stream.Collectors;
 
+import com.b2international.commons.exceptions.BadRequestException;
 import com.b2international.snowowl.core.events.util.Promise;
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.Iterables;
@@ -47,9 +48,13 @@ public void addUser(String username, String password) {
 	@Override
 	public User auth(String username, String token) {
 		for (IdentityProvider identityProvider : providers) {
-			User user = identityProvider.auth(username, token);
-			if (user != null) {
-				return user;
+			try {
+				User user = identityProvider.auth(username, token);
+				if (user != null) {
+					return user;
+				}
+			} catch (BadRequestException e) {
+				// ignore bad request exceptions coming from providers
 			}
 		}
 		return null;